OWASP Newsletter #14 (29-Feb-2008)

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 15.

Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org

Featured Item: OWASP Employee #2, Paulo Coimbra

Paulo Coimbra (following his recent success in managing SpoC 07) has accepted to become the 2nd OWASP employee (he will be working part-time until June and full time from then on). Paulo will take on the role of OWASP Project Management, and here is his first short-term action plan:

To launch and manage the new season of code – OWASP Summer of Code 2008.

To contribute to and stabilize OWASP’s new Project Assessment Criteria.

To contribute to the assessment, and re-assessment, of all OWASP projects.

To build and maintain a wiki page with the status of all OWASP projects and their assessments.

To welcome new developers who are interested in joining the OWASP community.

To help project leaders and participants with their projects in any way that I can.

Featured Item: Proposed OWASP Project Assessment

OWASP has begun the process of stabilizing its PROJECT ASSESSMENT CRITERIA. The objective is to have clear and objective requirements for OWASP projects' deliverables (for both tools and documentation).

The current structure is still in flux, so please spend some time reviewing it and send us your comments.

The objective is to map all OWASP Projects to the proposed 3 project modes (Release Quality, Beta Quality and Alpha Quality) in the next couple of months.

Featured Project: OWASP Spring of Code 2008 is about to be launched - March 3rd

OWASP is about to launch the 'OWASP SUMMER OF CODE 2008' (SoC 2008). This follows the successful OWASP Spring of Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a budget of US$20,000.

The SoC 2008 is an open sponsorship program where participants/developers are paid to work on OWASP (and web security) related projects.

The SoC 2008 is also an opportunity for external individual or company sponsors to challenge the participants/developers to work in areas in which they are willing to invest additional funding.

Feb 28 - OWASP Hartford tomorrow (by Marcin) - Tomorrow, February 28th, is the first ever meeting for the brand new Hartford OWASP chapter. James McGovern, the chapter lead, has been putting some effort into starting it off with a bang, so I hope everyone in the NY/CT/Mass area can make it. Agenda ...

Feb 27 - Polymorphic Javascript (by Gareth Heyes) - Finding a pattern in malicious JavaScript is difficult; it’s possible to selectively change the source code yet still execute the same payload. There are many ways to morph JavaScript and I shall go through a few of the possibilities and provide...